win32/excryptor

Captain_Crusty

War Hero
Kit Reviewer
Book Reviewer
#1
AVG announced this evening that my computer had win32/excryptor (a malware, it would seem, having googled it).

It dealt with it and I deleted it from the vault. I then made sure I was fully updated on AVG and ran another full scan of the computer. This scan showed up as fully clear.

Am I now fine? Do I need to do anything else?

Any advice gratefully received.

C_C
 
#3
Double check with this: Emsisoft Free Emergency Kit. Download it, extract to a folder on a memory stick and run a2emergencykit.exe

msr
 

Captain_Crusty

#4
MSR - many thanks. Ran Emsisoft overnight and it came up with 3 high risks (although 2 of these appeared to be BT Connection software) - now deleted and hopefully clean!

Now have Emsisoft on a USB stick just in case though!

C_C
 
#5
Can you post a copy of the log file?

msr
 

Captain_Crusty

#6
Emsisoft Anti-Malware - Version 1.0
Last update: 27/07/2010 22:56:14

Scan settings:

Scan type: Deep Scan
Objects: Memory, Traces, Cookies, C:\, D:\
Scan archives: Off
Heuristics: Off
ADS Scan: On

Scan start: 27/07/2010 22:58:49

Value: HKEY_CLASSES_ROOT\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} --> AppID detected: Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_CLASSES_ROOT\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}\InprocServer32 --> ThreadingModel detected: Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} --> AppID detected: Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}\InprocServer32 --> ThreadingModel detected: Trace.Registry.dl.tvunetworks.com!A2
C:\HP\BIN\EndProcess.exe detected: Riskware.Win32.KillApp!A2
C:\Program Files\Google\Google Earth\plugin\googleearth_free.dll detected: Backdoor.Win32.IRCNite.po!A2
C:\WINDOWS\Installer\{11F5AF48-471B-4C6F-A464-B18AA494BB2D}\bttxtico.exe detected: Gen.Trojan!IK
C:\WINDOWS\Temp\._msige52\program files\Google\Google Earth\plugin\googleearth_free.dll detected: Backdoor.Win32.IRCNite.po!A2

Scanned

Files: 200476
Traces: 394374
Cookies: 10
Processes: 88

Found

Files: 4
Traces: 4
Cookies: 0
Processes: 0
Registry keys: 0
 
#7
This one is a false positive: C:\Program Files\Google\Google Earth\plugin\googleearth_free.dll detected: Backdoor.Win32.IRCNite.po!A2

I have let them know and it should be fixed in a future update.

msr
 

Captain_Crusty

#8
MSR - many thanks.

Have now rerun Emsisoft and it's showing clean so fingers crossed!

Will make donation to Hols4Heroes...

C_C
 